CVE-2014-5197

medium

Description

Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd HTTP Server in Splunk Enterprise 6.1.x before 6.1.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a URI, related to search ids.

References

http://secunia.com/advisories/59940

http://www.securitytracker.com/id/1030690

http://www.splunk.com/view/SP-CAAAM9H

Details

Source: MITRE

Published: 2014-08-12

Updated: 2014-08-13

Type: CWE-22

Risk Information

CVSS v2

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM